Agent-Security

Anthropic dropped something significant yesterday: a full research framework titled Trustworthy Agents in Practice, published alongside the launch of Claude Managed Agents. It’s the clearest public articulation yet of how Anthropic thinks about safe, autonomous AI agent deployment — and it directly addresses the two biggest failure modes the industry is grappling with right now. Why This Matters Now AI agents are no longer prototype toys. Claude Code, Claude Cowork, and a growing ecosystem of third-party deployments are completing multi-step tasks — writing and running code, managing files, browsing the web, interacting with APIs — with minimal human supervision. That autonomy is the whole point. It’s also precisely where things can go wrong. ...

Anthropic published its Trustworthy Agents in Practice framework yesterday — a five-principle safety baseline for autonomous Claude agents. The principles are solid, but they’re abstract. This guide translates each one into concrete configuration and design choices you can make in OpenClaw today. The Five Principles (Quick Summary) Before the how-to: Anthropic’s framework names five principles for trustworthy agent operation: Human control — Maintain meaningful oversight; prefer reversible actions Alignment with user expectations — Act on intent, not just literal instruction Security — Resist prompt injection and adversarial inputs Transparency — Be honest about capabilities, limitations, and actions taken Privacy — Operate with minimum necessary access to data Each maps to specific choices in how you configure and constrain your agents. ...

If there was one message emanating from day two of RSAC 2026, it was this: agentic AI security is no longer a niche concern. It’s the defining enterprise security challenge of 2026, and the industry is mobilizing fast. From CrowdStrike’s new runtime protection tools to Palo Alto Networks’ Prisma AIRS 3.0 and a wave of vendors rethinking what “identity” means in a world of autonomous digital workers, Day 2 of the conference made clear that the security industry is finally taking AI agents seriously. ...

LangSmith Fleet formalizes two agent authorization models: Assistants (on-behalf-of user credentials) and Claws (fixed service-account credentials). Picking the wrong one creates either security gaps or broken functionality. This guide helps you choose and implement correctly. For background on why this distinction matters, see: LangChain Formalizes Two-Tier Agent Authorization in LangSmith Fleet Decision Framework: Which Model Do You Need? Answer these questions before you write a line of config: 1. Does the agent access data that belongs to the individual user interacting with it? ...

Databricks has been on a quiet march toward becoming the infrastructure layer for enterprise AI for years — data lakes, MLflow, Delta Lake, Unity Catalog. Today at RSAC 2026, the company took its most surprising market move yet: entering enterprise cybersecurity with the announcement of Lakewatch, an open agentic SIEM. What Is Lakewatch? SIEM stands for Security Information and Event Management — the category of tools that ingest security telemetry, correlate it, generate alerts, and support incident response. Splunk has dominated this category for years; SentinelOne, Microsoft Sentinel, and Elastic Security are the major challengers. ...

When Gartner publishes a first-ever Market Guide for a new technology category, it’s a signal that the category has crossed from experimental to enterprise-real. This February, Gartner did exactly that for Guardian Agents — AI systems designed to oversee, govern, and secure other AI agents. The broader coverage is arriving now, following a Hacker News article this week. The Headline Number (With Important Context) The most-cited figure from the report: ~70% of enterprises are already running AI agents in production. ...

One of the most consequential decisions in enterprise AI agent deployment is also one of the least discussed: should your agent act as the user, or as a service? LangChain’s Harrison Chase formalized this question in a March 23 post on “In the Loop,” LangChain’s developer newsletter, introducing the two-tier authorization model now available in LangSmith Fleet. The framework is called Assistants vs. Claws, and it directly addresses a security gap that enterprise teams have been quietly dealing with for months. ...

RSA Conference opened its doors in San Francisco on March 23, 2026, and the message was impossible to miss before the first keynote even ended: agentic AI security is now the primary concern of the entire enterprise security industry. For years, RSAC has been the place where the security industry takes collective stock of where threats are heading. This year, every major vendor arrived with the same answer: AI agents are the new attack surface, and the industry is barely ready for it. ...

There’s a wall every engineering team hits when they try to move AI agents from demo to production: identity and access management. An agent needs credentials to do anything useful — database access, API keys, infrastructure permissions. But credentials that live inside an agent are credentials that can be leaked, stolen, or misused. Traditional IAM wasn’t designed for ephemeral, autonomous software actors. And so most production agent deployments end up making one of two bad choices: over-permissioned agents with broad access they don’t need, or under-permissioned agents so locked down they can’t do their jobs. ...

Ask any platform engineer why their team hasn’t shipped AI agents to production yet, and you’ll get a version of the same answer: identity, access control, and audit trails. The problems aren’t exotic — they’re the same IAM challenges that have governed every production system for the past two decades. But the agent runtime has made them acutely worse. Teleport’s answer is Beams, announced at KubeCon CloudNativeCon Europe 2026 and launching as an MVP on April 30. ...